Azure.ResourceManager.Authorization を使えばできた。
www.nuget.org
SQL Server リソースをスコープにして、サービス プリンシパルに共同作成者 (Contributor) ロールを割り当ててみたサンプル。
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Authorization;
using Azure.ResourceManager.Authorization.Models;
using Azure.ResourceManager.Sql;
// DefaultAzureCredential resolves whichever ambient identity is available
// (environment variables, managed identity, developer tool logins, ...).
// The resolved identity must itself be allowed to write role assignments
// (Microsoft.Authorization/roleAssignments/write) at the target scope.
ArmClient armClient = new(new DefaultAzureCredential());

// Scope of the assignment: one SQL server resource, not the resource group
// or the subscription. Keeping the scope this narrow limits what the role grants.
var sqlServerResourceId = SqlServerResource.CreateResourceIdentifier(
    "your subscription id",
    "your resource group name",
    "your server name");

// NOTE(review): role assignments are keyed on the principal's object ID;
// confirm this is the service principal's object ID and not the
// application (client) ID of its app registration.
Guid servicePrincipalId = Guid.Parse("your service principal id");

await AssignContributorRoleAsync(armClient, sqlServerResourceId, servicePrincipalId);
// Assigns the built-in Contributor role to `principalId`, scoped to the
// resource identified by `resourceIdentifier`.
//
// Contributor allows full management of the scoped resource (but not
// granting access to others). NOTE(review): if the principal only needs a
// subset of that, a narrower built-in or custom role is the least-privilege
// choice - confirm Contributor is really required.
static async ValueTask AssignContributorRoleAsync(ArmClient armClient, ResourceIdentifier resourceIdentifier, Guid principalId)
{
    // GUID of the built-in Contributor role definition.
    const string ContributorRoleId = "b24988ac-6180-42a0-ab88-20f7382dd24c";

    string scope = resourceIdentifier.ToString();

    // The role GUID is handed over as the *assignment name*: AssignRoleAsync
    // has no separate role-definition parameter.
    await AssignRoleAsync(armClient, principalId, ContributorRoleId, scope);
}
// Creates (or updates) the role assignment named `roleAssignmentName` at
// `scope` for the service principal `principalId`, waits for the operation
// to finish and returns the resulting RoleAssignmentResource.
static async ValueTask<RoleAssignmentResource> AssignRoleAsync(ArmClient armClient, Guid principalId, string roleAssignmentName, string scope)
{
    // Resource ID of the assignment itself:
    // {scope}/providers/Microsoft.Authorization/roleAssignments/{roleAssignmentName}
    var assignmentId = RoleAssignmentResource.CreateResourceIdentifier(scope, roleAssignmentName);
    RoleAssignmentResource assignment = armClient.GetRoleAssignmentResource(assignmentId);

    // NOTE(review): roleDefinitionId is given the role *assignment* resource
    // ID built above, not a .../roleDefinitions/{guid} ID. The request
    // contract expects a role definition ID - confirm which role the
    // service actually resolves from this value before relying on it.
    //
    // NOTE(review): the only caller visible here passes the role's GUID as
    // the assignment name, so every principal given that role at the same
    // scope targets the same assignment resource ID. Assignment names are
    // normally a GUID unique per assignment - verify behaviour for a second
    // principal.
    RoleAssignmentCreateOrUpdateContent request = new(assignment.Id, principalId)
    {
        // Principal type is fixed to ServicePrincipal; users and groups
        // are not handled by this helper.
        PrincipalType = RoleManagementPrincipalType.ServicePrincipal,
    };

    // WaitUntil.Completed already blocks until the operation is done; the
    // extra WaitForCompletionAsync call is kept to preserve the original flow.
    var pending = await assignment.UpdateAsync(WaitUntil.Completed, request);
    var completed = await pending.WaitForCompletionAsync();
    return completed.Value;
}